Sci/Tech iCloud hacked: The Dangerous Side Of Apple's iCloud

tom_mai78101

tom_mai78101

The Helper Connoisseur / Ex-MineCraft Host
Staff member
Reaction score
1,663
Apple‘s iCloud service brings a whole raft of services — email, calendar, contacts, ‘Find My iPhone” and cloud storage — and stores them behind a single username and password. This is very convenient, but if that username and password falls into the wrong hands, you can find yourself very quickly in a world of pain.

This is what happened to Mat Honan, former journalist for Gizmodo and former contributing editor to WIRED magazine. Before the hackers gained access to his Twitter account and that of Gizmodo, the hackers first gained access to his iCloud account, where they caused irrevocable havoc.

At 4:50 PM, someone got into my iCloud account, reset the password and sent the confirmation message about the reset to the trash. My password was a 7 digit alphanumeric that I didn’t use elsewhere. When I set it up, years and years ago, that seemed pretty secure at the time. But it’s not. Especially given that I’ve been using it for, well, years and years. My guess is they used brute force to get the password, and then reset it to do the damage to my devices.

The backup email address on my Gmail account is that same .mac email address. At 4:52 PM, they sent a Gmail password recovery email to the .mac account. Two minutes later, an email arrived notifying me that my Google Account password had changed.

At 5:00 PM, they remote wiped my iPhone.
At 5:01 PM, they remote wiped my iPad.
At 5:05, they remote wiped my MacBook Air.
Click to expand...

The end result, is massive devastation.

www.forbes.com

The Dangerous Side Of Apple's iCloud

iCloud (Photo credit: Wikipedia) Apple's iCloud service brings a whole raft of services -- email, calendar, contacts, 'Find My iPhone" and cloud storage -- and stores them behind a single username and password. This is very convenient, but if that username and password falls into the wrong...
www.forbes.com www.forbes.com
 
Last edited by a moderator:
KaerfNomekop

KaerfNomekop

Swim, fishies. Swim through the veil of steel.
Reaction score
612
That's the risk when you connect to a hive mind. The hive can connect to you.
 
SouLEDGE

SouLEDGE

Damn you advanced calculus
Reaction score
75
So I'm assuming he didnt have any physical backups his devices?
That's like having a car and not having insurance.
When will these people learn -_-
 
KaerfNomekop

KaerfNomekop

Swim, fishies. Swim through the veil of steel.
Reaction score
612
Maybe he had physical backups that were also connected to the hive.
 
FireCat

FireCat

Oh Shi.. Don't wake the tiger!
Reaction score
533
SouLEDGE said:
So I'm assuming he didnt have any physical backups his devices?
That's like having a car and not having insurance.
When will these people learn -_-
Click to expand...
QFT

I still can’t get into Gmail. My phone and iPads are down (but are restoring). Apple tells me that the remote wipe is likely irrecoverable without serious forensics. Because I’m a jerk who doesn’t back up data, I’ve lost at more than a year’s worth of photos, emails, documents, and more. And, really, who knows what else.
Click to expand...
 
Slapshot136

Slapshot136

Divide et impera
Reaction score
471
the icloud was not hacked - deceptive title

and whoever has 0 backups has no right to whine about data loss - it's as simple as that.
 
phyrex1an

phyrex1an

Staff Member and irregular helper
Reaction score
447
Slapshot136 said:
the weak password of a single user was compromised.
Click to expand...
You're wrong and the article is dated. The victim guessed that his password was brute forced, but this turned out to not be the case. Simplified, the attacker called customer service and asked for access to an account that wasn't his and customer service gave him access.

The more complex story involves abusing the different policies used by Amazon and Apple to finally grant access to pretty much everything. http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
 
FireCat

FireCat

Oh Shi.. Don't wake the tiger!
Reaction score
533
the attacker called customer service and asked for access to an account that wasn't his and customer service gave him access.
Click to expand...
Wow that's pretty scary.
 
Slapshot136

Slapshot136

Divide et impera
Reaction score
471
phyrex1an said:
You're wrong and the article is dated. The victim guessed that his password was brute forced, but this turned out to not be the case. Simplified, the attacker called customer service and asked for access to an account that wasn't his and customer service gave him access.
Click to expand...

allow me to repeat myself: 1 password was compromised (amazon), I never claimed that it was via a brute force attack or anything - and after that there was a domino effect because the accounts were too closely linked - there was no hacking involved, only a couple of calls that were more social engineering than anything else
 
phyrex1an

phyrex1an

Staff Member and irregular helper
Reaction score
447
Slapshot136 said:
allow me to repeat myself: 1 password was compromised (amazon),
Click to expand...
But it wasn't compromised because it was weak, which is what you claimed. If you read my post carefully you'll also find that I never said it was you who claimed that a brute force attack was used, nor did I claim that anything else than social engineering was going on.

Just to be clear about the password: The password set by the victim on the Amazon account was never known to the attacker. Instead, the attacker was able to reset the password to a email address of the attackers choice using only the billing address of the victim. Using a stronger password wouldn't have helped.
 
You must log in or register to reply here.
General chit-chat
Help Users
  • No one is chatting at the moment.
  • The Helper The Helper:
    Actually I was just playing with having some kind of mention of the food forum and recipes on the main page to test and see if it would engage some of those people to post something. It is just weird to get so much traffic and no engagement
  • The Helper The Helper:
    So what it really is me trying to implement some kind of better site navigation not change the whole theme of the site
  • Varine Varine:
    How can you tell the difference between real traffic and indexing or AI generation bots?
  • The Helper The Helper:
    The bots will show up as users online in the forum software but they do not show up in my stats tracking. I am sure there are bots in the stats but the way alot of the bots treat the site do not show up on the stats
  • The Helper The Helper:
    New recipe is Shipwreck Dinner - https://www.thehelper.net/threads/recipe-shipwreck-dinner.193511/
  • Varine Varine:
    I want to build a filtration system for my 3d printer, and that shit is so much more complicated than I thought it would be
  • Varine Varine:
    Apparently ABS emits styrene particulates which can be like .2 micrometers, which idk if the VOC detectors I have can even catch that
  • Varine Varine:
    Anyway I need to get some of those sensors and two air pressure sensors installed before an after the filters, which I need to figure out how to calculate the necessary pressure for and I have yet to find anything that tells me how to actually do that, just the cfm ratings
  • Varine Varine:
    And then I have to set up an arduino board to read those sensors, which I also don't know very much about but I have a whole bunch of crash course things for that
  • Varine Varine:
    These sensors are also a lot more than I thought they would be. Like 5 to 10 each, idk why but I assumed they would be like 2 dollars
  • Varine Varine:
    Another issue I'm learning is that a lot of the air quality sensors don't work at very high ambient temperatures. I'm planning on heating this enclosure to like 60C or so, and that's the upper limit of their functionality
  • Varine Varine:
    Although I don't know if I need to actually actively heat it or just let the plate and hotend bring the ambient temp to whatever it will, but even then I need to figure out an exfiltration for hot air. I think I kind of know what to do but it's still fucking confusing
  • The Helper The Helper:
    Maybe you could find some of that information from AC tech - like how they detect freon and such
  • Varine Varine:
    That's mostly what I've been looking at
  • Varine Varine:
    I don't think I'm dealing with quite the same pressures though, at the very least its a significantly smaller system. For the time being I'm just going to put together a quick scrubby box though and hope it works good enough to not make my house toxic
  • Varine Varine:
    I mean I don't use this enough to pose any significant danger I don't think, but I would still rather not be throwing styrene all over the air
  • The Helper The Helper:
    New dessert added to recipes Southern Pecan Praline Cake https://www.thehelper.net/threads/recipe-southern-pecan-praline-cake.193555/
  • The Helper The Helper:
    Another bot invasion 493 members online most of them bots that do not show up on stats
  • Varine Varine:
    I'm looking at a solid 378 guests, but 3 members. Of which two are me and VSNES. The third is unlisted, which makes me think its a ghost.
     +1
  • The Helper The Helper:
    Some members choose invisibility mode
     +1
  • The Helper The Helper:
    Latest Recipe is Garlic Parmesan Chicken https://www.thehelper.net/threads/recipe-garlic-parmesan-chicken.193575/
  • The Helper The Helper:
    I bitch about Xenforo sometimes but it really is full featured you just have to really know what you are doing to get the most out of it.
  • The Helper The Helper:
    It is just not easy to fix styles and customize but it definitely can be done
  • The Helper The Helper:
    I do know this - xenforo dropped the ball by not keeping the vbulletin reputation comments as a feature. The loss of the Reputation comments data when we switched to Xenforo really was the death knell for the site when it came to all the users that left. I know I missed it so much and I got way less interested in the site when that feature was gone and I run the site.
  • Blackveiled Blackveiled:
    People love rep, lol
     +1

      The Helper Discord

      Members online

      Online now:
      327 (members: 1, guests: 326)

      Share this page

      Affiliates

      Hive Workshop NUON Dome World Editor Tutorials

      Network Sponsors

      Apex Steel Pipe - Buys and sells Steel Pipe.
      Top